breautek commented on issue #364: URL: https://github.com/apache/cordova/issues/364#issuecomment-1353309380
There isn't really enough information here to say the cause. You might have to get into contact with AVG to see if they can provide more details on what or why it considers your app a threat. It could be one of those plugins, it could be a dependency one of those plugins is importing, it could be a sub-dependency of one of those plugins. The point is, it could be anything. In fact, it could even be a false positive by AVG. If what it considers a threat is reported as a security vulnerability and has a CVE, `npm audit` may give you a hint to where to look. But without knowing specific details on what AVG is "finding", then you're going on a wild goose chase. NPM Audit is littered with low risk vulnerabilities that is likely doesn't apply to you, or the app, or may only apply to the development machine but not the actual runtime, so there will likely be noise to shift through. I'd also suggest running `npm upgrade` to update your dependency tree with the latest dependencies that packages uses, before you run `npm audit` which will likely resolve most of any audit issues and reduce that noise. Since this doesn't describe a bug, I'll be converting this into a Discussion. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
